Neil Turner's Blog

Blogging about technology and randomness since 2002

Open invitation to hackers

While queueing at the checkout in Boots today, I saw that their ‘Advantage Point’ machines (where you insert your Boots loyalty card for details of extra offers) have their IP addresses and hostnames written on the back.
So I was about to write about how this is incredibly lax security and an open invitation to hackers, but then I actually looked at the IP address and found that it’s one reserved for internal networks and can’t be accessed from the internet. So you can’t nmap it and find out what services are running and which ports are open. Which is obviously a good thing.
It’s certainly better than when the new display screens were being set up in the student union bar – the username and password for the FTP server on the computer controlling them was displayed to everyone in the bar, as was the computer’s IP address.

3 Comments

  1. Hey Neil, I’m not sure how often you check LiveJournal, but please take a peek at my entries for today. You will need to be logged in; I think the subject I’m writing about might be of interest too you.

  2. And spelling is usually of interest to me – how embarrassing!

  3. Having the IP addresses noted on the back of the machines is really useful if it’s not well documented anywhere. And that’s where the security lapse at Boots is – not having a well documented system where it’s almost as easy to look up the IP as it is to look on the back of the machine.
    And whilst it may be on a private subnet, there’s presumably not much stopping you installing some network sniffing equipment.
    On the other hand, the displays in the Courtyard don’t really have anything worth securing. Yes it would be amusing if somebody managed to put their own message up on them, but since they’ll all have public IP addresses they will be kept fairly secure. And then since it’s just Macromedia Director streaming stuff off the internet, you’d really have to hack the server it’s streaming from.